LDA-IoT : a level dependent authentication for IoT paradigm

ABSTRACT The IoT-based services are getting a widespread expansion in all the directions and dimensions of this century. In most IoT-based applications, the sensor collects the data and communicates it to the end-user via gateway device or fog device over a precarious Internet channel. The attacker can use this open channel to capture the sensing device or the gateway device to collect the IoT data or control the IoT system. In this paper, we propose a novel approach of authentication for the IoT paradigm called as a Level Dependent Authentication (LDA). In the LDA protocol, we propose a security reliable and resource efficient key sharing mechanism in which users at level can communicate with the sensor at level if and only if the level of user in the organizational hierarchy is lower or equal to the level of sensor deployment. We provide a security analysis for the proposed LDA protocol using random oracle-based games & widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tools & BAN (Burrows–Abadi–Needham) logic. We also discuss a comparative analysis of the proposed protocol with other existing schemes based on communication cost, computation cost, and security index. We provide an implementation of the proposed scheme using MQTT (Message Queuing Telemetry Transport) protocol.